[PATCH] ng_tag - new netgraph node,
please test (L7 filtering possibility)
Vadim Goncharov
vadimnuclight at tpu.ru
Mon Jun 12 09:56:01 UTC 2006
12.06.06 @ 05:30 Joao Barros wrote:
> ld -d -warn-common -r -d -o ng_tag.kld ng_tag.o
> touch export_syms
> awk -f /sys/conf/kmod_syms.awk ng_tag.kld export_syms | xargs -J%
> objcopy % ng_tag.kld
> ld -Bshareable -d -warn-common -o ng_tag.ko ng_tag.kld
> objcopy --strip-debug ng_tag.ko
> ultra5# kldload ./ng_tag.kld
> kldload: can't load ./ng_tag.kld: Exec format error
> ultra5# file ng_tag.kld
> ng_tag.kld: ELF 64-bit MSB relocatable, SPARC V9, version 1 (FreeBSD),
> not stripped
Huh, you should load ng_tag.ko, not ng_tag.kld - as you can see ng_tag.ko
(final version) is produced from ng_tag.kld (immediate file).
Another possibility you should mention is using both firewalls at the same
time, ipfw and pf. The rule order traversal, AFAIK, depends on order of
module loading, so you should experiment a little with it.
--
WBR, Vadim Goncharov
More information about the freebsd-net
mailing list